fix!: css obfuscation logic#2203
Conversation
📚 Documentation Check Results📦
|
Clippy Allow Annotation ReportComparing clippy allow annotations between branches:
Summary by Rule
Annotation Counts by File
Annotation Stats by Crate
About This ReportThis report tracks Clippy allow annotations for specific rules, showing how they've changed in this PR. Decreasing the number of these annotations generally improves code quality. |
🎉 All green!🧪 All tests passed 🎯 Code Coverage (details) 🔗 Commit SHA: 2342ce1 | Docs | Datadog PR Page | Give us feedback! |
🔒 Cargo Deny Results📦
|
Artifact Size Benchmark Reportaarch64-alpine-linux-musl
aarch64-unknown-linux-gnu
libdatadog-x64-windows
libdatadog-x86-windows
x86_64-alpine-linux-musl
x86_64-unknown-linux-gnu
|
This reverts commit a0bfe8c.
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 85eaf0cd6f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
it got introduced by mistake in 3d8ec6c
There was a problem hiding this comment.
Pull request overview
This PR updates client-side trace-stats obfuscation to be CSS-spec compliant by tightening the agent-version gate and ensuring obfuscated and non-obfuscated stats are never mixed within the same bucket or payload (including during forced flush/shutdown).
Changes:
- Require an exact obfuscation-version match (instead of a supported range) before enabling client-side obfuscation.
- Track obfuscation state per stats bucket and prevent flushing mixed obfuscation states in a single payload; force-flush may emit up to two payloads to drain both states.
- Adjust exporter/header behavior and update concentrator APIs/callers accordingly (including SHM and OTLP paths), plus remove an unused
results.xml.
Reviewed changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| libdd-trace-stats/src/stats_exporter.rs | Flush/send logic updated to potentially emit two payloads on force flush; obfuscation header now driven by bucket state. |
| libdd-trace-stats/src/span_concentrator/mod.rs | Adds per-bucket obfuscation state and changes flushing to avoid mixing obfuscation states. |
| libdd-trace-stats/src/span_concentrator/aggregation.rs | Extends StatsBucket to record whether the bucket is obfuscated (when the feature is enabled). |
| libdd-trace-stats/src/span_concentrator/tests.rs | Updates tests for updated concentrator flush return signature / OTLP flush API. |
| libdd-data-pipeline/src/trace_exporter/stats.rs | Tightens obfuscation-activation predicate and updates worker construction for the new exporter API. |
| libdd-data-pipeline/src/otlp/metrics.rs | Adapts to flush_with_otlp_exact API change (now returns buckets directly). |
| libdd-data-pipeline/results.xml | Removes an unused file from the data-pipeline crate. |
| datadog-sidecar/src/service/stats_flusher.rs | Updates sidecar exporter construction for the new exporter API (no client-side obfuscation header). |
| datadog-ipc/src/shm_stats.rs | Updates SHM concentrator flush API to return the new (…, …, buckets_obfuscated) tuple. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| // We flush twice with `force_flush` so that if we have a mix of obfuscated and unobfuscated | ||
| // buckets, both get flushed in separate payloads | ||
| let flush_count = if force_flush { 2 } else { 1 }; | ||
| let mut sent_stats = false; | ||
| for _ in 0..flush_count { | ||
| let (payload, collapsed_spans, buckets_obfuscated) = self.flush(force_flush); |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ed0277a1cc
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
(testing claude review)
Overall the core fix looks correct (exact obfuscation-version match, per-bucket obfuscation locking, never mixing obfuscated/unobfuscated buckets in one payload). Main gap I'd flag before merging: no new tests cover the actual new behavior introduced here — a bucket locking its obfuscation state at creation, drain_due_buckets splitting a mixed set across two calls, or StatsExporter::send(force=true) issuing two separate HTTP requests when buckets are mixed. Given the PR body itself still has "system tests" unchecked, a unit test for the mixed-bucket force-flush path (in span_concentrator/tests.rs and stats_exporter.rs) would make this much safer to land.
One more note that didn't fit as an inline comment since it's on an unmodified line: OtlpStatsExporter's shutdown path (libdd-data-pipeline/src/otlp/metrics.rs:305, self.send(true, OTLP_SHUTDOWN_MAX_RETRIES)) only force-flushes once, unlike StatsExporter::send's new double-flush-on-force. That's safe today only because builder.rs always constructs that concentrator's obfuscation_config as None (so obfuscated can never be true there) — if that concentrator is ever reused for an obfuscation-enabled path, mixed buckets left behind on shutdown would be silently dropped. Left a few smaller inline notes too.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
What does this PR do?
Motivation
Additional Notes
results.xmlfile is an unrelated change but making a PR for it would've been overkill.How to test the change?
APMSP-2985